{"id":"ASB-A-375407167","details":"In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-375407167","CVE-2025-0075"],"modified":"2026-04-21T15:25:42.831358Z","published":"2025-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5959f8bcf4efe924b0ba4dbcbfe83e602f0eb0ac"}],"affected":[{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-03-01"}]}],"versions":["15-next"],"ecosystem_specific":{"severity":"Critical","types":["RCE"],"vanir_signatures":[{"target":{"function":"process_service_search_attr_req","file":"system/stack/sdp/sdp_server.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d62bf15de2fb8161bab7067f6e8704452bd52460","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-375407167-8177b7e8","digest":{"length":7527,"function_hash":"242458238196945440098011377559197208300"}},{"target":{"file":"system/stack/sdp/sdp_server.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d62bf15de2fb8161bab7067f6e8704452bd52460","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-375407167-e948181d","digest":{"threshold":0.9,"line_hashes":["21449444399169415137039231101742242443","60515099035128252460509346087551164686","254748262588180354977847863067803374759","100903316257957078435583893446814753876"]}}],"spl":"2025-03-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d62bf15de2fb8161bab7067f6e8704452bd52460"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-375407167.json"}},{"package":{"name":"platform/packages/modules/Bluetooth","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-03-01"}]}],"versions":["15"],"ecosystem_specific":{"severity":"Critical","types":["RCE"],"vanir_signatures":[{"target":{"function":"process_service_search_attr_req","file":"system/stack/sdp/sdp_server.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f23300552c43a4f503debcf0236f29211ee1c557","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-375407167-ac964ca0","digest":{"length":7953,"function_hash":"324815705769937897209967449889129448480"}},{"target":{"file":"system/stack/sdp/sdp_server.cc"},"source":"https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f23300552c43a4f503debcf0236f29211ee1c557","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-375407167-e4e2bb60","digest":{"threshold":0.9,"line_hashes":["91418632319498322876677883531524763797","9566919150869272321742117416091613434","254748262588180354977847863067803374759","129950038488680540049713335411255211234"]}}],"spl":"2025-03-01","fixes":["https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f23300552c43a4f503debcf0236f29211ee1c557"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-375407167.json"}}],"schema_version":"1.7.5"}